CVE-2023-28342: Zoho ManageEngine ADSelfService Plus before 6218 allows anyo..
zohocorp
•
Apr 5, 2023
•
Apr 12, 2023
Description
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
Products affected:
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 4.5
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0
zohocorp» manageengine_adselfservice_plus » 5.0.6
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.1
zohocorp» manageengine_adselfservice_plus » 5.2
zohocorp» manageengine_adselfservice_plus » 5.2
zohocorp» manageengine_adselfservice_plus » 5.2
zohocorp» manageengine_adselfservice_plus » 5.2
zohocorp» manageengine_adselfservice_plus » 5.2
zohocorp» manageengine_adselfservice_plus » 5.2
zohocorp» manageengine_adselfservice_plus » 5.2
zohocorp» manageengine_adselfservice_plus » 5.2
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.3
zohocorp» manageengine_adselfservice_plus » 5.4
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.5
zohocorp» manageengine_adselfservice_plus » 5.6
zohocorp» manageengine_adselfservice_plus » 5.6
zohocorp» manageengine_adselfservice_plus » 5.6
zohocorp» manageengine_adselfservice_plus » 5.6
zohocorp» manageengine_adselfservice_plus » 5.6
zohocorp» manageengine_adselfservice_plus » 5.6
zohocorp» manageengine_adselfservice_plus » 5.6
zohocorp» manageengine_adselfservice_plus » 5.6
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.7
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 5.8
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.0
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.1
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
zohocorp» manageengine_adselfservice_plus » 6.2
In a few clicks Akto can analyze your API attack surface and see what APIs are vulnerable to OWASP Top 10 and other common CWEs.
Severity
7.5
/
10
CVSS base metrics
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
User interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Exploitability Score
3.9
Impact Score
3.6
Weakness
NVD-CWE-noinfo__
Learn from academy
What is Metasploit and Nmap?
Drupal Penetration Testing
NIST Penetration Testing
Nessus Penetration Testing
Qualys Penetration Testing
Grey Box Penetration Testing Methodology
Black Box Penetration Testing Methodology
Cloud Penetration Testing Methodology
Active Directory Pentesting Methodology
GraphQL Penetration Testing Methodology
What is API Pentesting?
What is Automated Penetration Testing?
What is API Security?
What is API Security Posture?
What is API Security Testing?
API Security Checklist
What is a Shadow API?
What is a Zombie API?
What are Business Logic Vulnerabilities?
What is API Protection?
What is API Linting?
What is API Sprawl?
Security Misconfiguration in API
What is Internal API?
What is External API?
Internal vs External API
Sensitive Data Exposure
Data at Rest
Data in Transit
Data Breaches
API Security and Compliance
SOC 2: A Guide to SOC 2 Compliance
FedRAMP Guidelines
What is HIPAA Compliance
Authentication
Authorization
Authentication vs Authorization
HTTP Authentication
Access-Control-Allow-Origin (ACAO)
What is API?
Related tests
JWT authentication bypass via jku header injection
eSMTP - Config Discovery
Nginx - Git Configuration Exposure
Laravel - Sensitive Information Disclosure
Docker Container - Misconfiguration Exposure
Msmtp - Config Exposure
Parameters.yml - File Discovery
Mongo Express - Unauthenticated Access
Apache Airflow Configuration Exposure
Dockerrun AWS Configuration Exposure
Apache Config file disclosure
Appspec Yml Disclosure
Explore more from Akto
Blog
Be updated about everything related to API Security, new API vulnerabilities, industry news and product updates.
Test Library
Discover and find tests from Akto's 100+ API Security test library. Choose your template or add a new template to start your API Security testing.
Documentation
Check out Akto's product documentation for all information related to features and how to use them.